Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/prxaaWs4ptL-TsU6OLG114QkT_4.roa
File: prxaaWs4ptL-TsU6OLG114QkT_4.roa (raw, json)
Hash identifier: 5SXmN3VUK380KBO4bjZ9NXide+oMsQPEtlb5lp67beI=
Subject key identifier: A6:BC:5A:69:6B:38:A6:D2:FE:4E:C5:3A:38:B1:B5:D7:84:24:4F:FE
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 0191B7BD4F5551326A2A65D43DA4BF30CB80
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/prxaaWs4ptL-TsU6OLG114QkT_4.roa
Signing time: Tue 03 Sep 2024 11:55:22 +0000
ROA not before: Tue 03 Sep 2024 11:55:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 834
IP address blocks: 82.152.176.0/23 maxlen: 23
82.152.178.0/24 maxlen: 24
82.153.136.0/22 maxlen: 22
82.153.220.0/24 maxlen: 24
82.153.243.0/24 maxlen: 24
89.213.44.0/23 maxlen: 24
89.213.50.0/23 maxlen: 23
89.213.56.0/22 maxlen: 22
89.213.129.0/24 maxlen: 24
89.213.145.0/24 maxlen: 24
89.213.148.0/22 maxlen: 24
89.213.152.0/22 maxlen: 24
89.213.156.0/22 maxlen: 24
89.213.167.0/24 maxlen: 24
89.213.172.0/22 maxlen: 24
89.213.196.0/22 maxlen: 24
89.213.200.0/22 maxlen: 24
89.213.204.0/22 maxlen: 24
89.213.228.0/22 maxlen: 22
89.213.228.0/23 maxlen: 24
89.213.232.0/22 maxlen: 24
89.213.236.0/22 maxlen: 24
109.176.16.0/21 maxlen: 24
109.176.20.0/24 maxlen: 24
109.176.23.0/24 maxlen: 24
109.176.204.0/22 maxlen: 24
109.176.240.0/24 maxlen: 24
109.176.242.0/23 maxlen: 24
185.49.126.0/23 maxlen: 24
194.105.80.0/20 maxlen: 20
194.105.90.0/23 maxlen: 24
212.38.88.0/23 maxlen: 24
213.130.138.0/24 maxlen: 24
213.210.39.0/24 maxlen: 24
213.210.58.0/24 maxlen: 24
213.218.211.0/24 maxlen: 24
217.145.65.0/24 maxlen: 24
217.145.66.0/24 maxlen: 24
217.145.72.0/21 maxlen: 24
217.145.76.0/24 maxlen: 24
217.145.78.0/24 maxlen: 24
217.145.79.0/24 maxlen: 24
Validation: Failed, certificate revoked on Wed 04 Sep 2024 14:37:22 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:b7:bd:4f:55:51:32:6a:2a:65:d4:3d:a4:bf:30:cb:80
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Sep 3 11:55:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a6bc5a696b38a6d2fe4ec53a38b1b5d784244ffe
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:8a:6a:e8:7e:77:e2:81:1f:74:7d:6f:2e:9c:
e9:4a:81:2e:13:d5:dc:e8:31:ee:07:a4:d4:f6:c9:
54:71:06:2a:ef:7a:49:96:da:40:dd:b9:b3:5b:4f:
b8:7e:bf:52:59:f7:d9:56:41:2e:c3:c7:07:d2:d0:
ae:c2:81:e4:e4:e7:87:22:fe:39:67:96:0b:b0:fb:
7c:35:ee:68:00:04:37:3f:35:35:df:6a:ff:15:1b:
cc:d4:84:38:6f:04:33:b6:88:40:00:fd:5d:fd:7a:
a1:32:da:30:c3:f2:b6:c2:95:63:8d:3e:48:16:f9:
ce:2b:0d:dd:27:a1:3c:bc:37:39:ee:c7:30:5d:0b:
f8:16:00:1b:cb:a6:9e:5c:50:51:60:dc:f3:e7:b0:
aa:4d:97:1a:62:df:4c:f1:7c:77:e3:a2:85:7e:15:
ad:dc:4c:46:bf:9e:81:a1:f7:93:01:d2:f2:50:b0:
f5:aa:b1:a3:3f:35:dc:78:e3:7f:39:9e:61:84:13:
82:49:32:ce:8c:3d:78:a9:7f:65:44:f0:53:69:c0:
91:1b:a3:f1:8c:d1:cf:f7:5c:a7:7d:a5:33:55:63:
51:5e:87:5f:d2:46:ed:e2:c7:ab:eb:cd:7a:a9:56:
09:27:98:5f:43:42:1c:42:87:a9:5d:3e:07:7f:4a:
dc:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A6:BC:5A:69:6B:38:A6:D2:FE:4E:C5:3A:38:B1:B5:D7:84:24:4F:FE
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/prxaaWs4ptL-TsU6OLG114QkT_4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
82.152.176.0-82.152.178.255
82.153.136.0/22
82.153.220.0/24
82.153.243.0/24
89.213.44.0/23
89.213.50.0/23
89.213.56.0/22
89.213.129.0/24
89.213.145.0/24
89.213.148.0-89.213.159.255
89.213.167.0/24
89.213.172.0/22
89.213.196.0-89.213.207.255
89.213.228.0-89.213.239.255
109.176.16.0/21
109.176.204.0/22
109.176.240.0/24
109.176.242.0/23
185.49.126.0/23
194.105.80.0/20
212.38.88.0/23
213.130.138.0/24
213.210.39.0/24
213.210.58.0/24
213.218.211.0/24
217.145.65.0-217.145.66.255
217.145.72.0/21
Signature Algorithm: sha256WithRSAEncryption
21:eb:52:84:00:3a:76:cf:cb:8d:43:03:11:18:f4:d6:94:7f:
69:75:ef:f0:b5:1c:e3:8b:2c:f3:aa:5c:0e:cb:10:31:cf:f6:
40:0a:63:13:3b:7f:ad:0d:9d:29:6e:be:69:4e:e8:24:95:41:
a3:02:b5:ea:25:00:36:02:3c:db:9c:3d:82:f4:ff:0d:20:d4:
16:03:c9:5a:f9:d7:13:c5:01:c1:91:81:85:ab:b6:c0:97:c0:
82:8e:71:1e:f4:16:a6:a9:74:ce:41:1c:29:ec:ed:0f:03:57:
ae:c3:b8:20:66:2d:bb:b4:f9:df:7f:80:1c:1c:1b:b6:60:9c:
61:d7:0c:59:e9:60:e6:c5:b8:dd:2e:70:97:8e:32:34:8d:e4:
9d:a6:dd:92:89:ac:f8:18:ce:79:62:35:4c:e4:99:74:fa:54:
b2:e3:62:f0:99:75:25:4e:07:f3:a1:51:ba:a1:19:ab:1c:b9:
01:7b:0c:42:fa:d8:d7:3a:d5:35:61:da:6d:33:33:98:a5:a2:
2b:e7:9d:8f:cb:66:b4:4e:c9:ee:f7:71:d8:c6:6e:39:e7:46:
30:62:7a:14:95:94:7f:8e:6b:92:ce:5c:17:8c:d9:ee:82:2a:
7b:2c:9c:6a:10:26:39:45:2f:b8:0a:4e:41:e8:c5:83:ae:4c:
82:2f:94:a0
-----BEGIN CERTIFICATE-----
MIIFxjCCBK6gAwIBAgISAZG3vU9VUTJqKmXUPaS/MMuAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjQwOTAzMTE1NTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNmJjNWE2OTZiMzhhNmQyZmU0ZWM1M2EzOGIxYjVkNzg0MjQ0ZmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgopq6H534oEfdH1vLpzpSoEuE9Xc
6DHuB6TU9slUcQYq73pJltpA3bmzW0+4fr9SWffZVkEuw8cH0tCuwoHk5OeHIv45
Z5YLsPt8Ne5oAAQ3PzU132r/FRvM1IQ4bwQztohAAP1d/XqhMtoww/K2wpVjjT5I
FvnOKw3dJ6E8vDc57scwXQv4FgAby6aeXFBRYNzz57CqTZcaYt9M8Xx346KFfhWt
3ExGv56BofeTAdLyULD1qrGjPzXceON/OZ5hhBOCSTLOjD14qX9lRPBTacCRG6Px
jNHP91ynfaUzVWNRXodf0kbt4ser6816qVYJJ5hfQ0IcQoepXT4Hf0rceQIDAQAB
o4IC0jCCAs4wHQYDVR0OBBYEFKa8WmlrOKbS/k7FOjixtdeEJE/+MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvcHJ4YWFXczRwdEwtVHNVNk9MRzExNFFrVF80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHnBggrBgEFBQcBBwEB/wSB1zCB1DCB0QQCAAEwgcowDAME
BFKYsAMEAFKYsgMEAlKZiAMEAFKZ3AMEAFKZ8wMEAVnVLAMEAVnVMgMEAlnVOAME
AFnVgQMEAFnVkTAMAwQCWdWUAwQFWdWAAwQAWdWnAwQCWdWsMAwDBAJZ1cQDBARZ
1cAwDAMEAlnV5AMEBFnV4AMEA22wEAMEAm2wzAMEAG2w8AMEAW2w8gMEAbkxfgME
BMJpUAMEAdQmWAMEANWCigMEANXSJwMEANXSOgMEANXa0zAMAwQA2ZFBAwQA2ZFC
AwQD2ZFIMA0GCSqGSIb3DQEBCwUAA4IBAQAh61KEADp2z8uNQwMRGPTWlH9pde/w
tRzjiyzzqlwOyxAxz/ZACmMTO3+tDZ0pbr5pTugklUGjArXqJQA2AjzbnD2C9P8N
INQWA8la+dcTxQHBkYGFq7bAl8CCjnEe9BamqXTOQRwp7O0PA1euw7ggZi27tPnf
f4AcHBu2YJxh1wxZ6WDmxbjdLnCXjjI0jeSdpt2Siaz4GM55YjVM5Jl0+lSy42Lw
mXUlTgfzoVG6oRmrHLkBewxC+tjXOtU1YdptMzOYpaIr552Py2a0Tsnu93HYxm45
50YwYnoUlZR/jmuSzlwXjNnugip7LJxqECY5RS+4Ck5B6MWDrkyCL5Sg
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:32:25 2025 by rpki-client